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Applicants respectfully submit that the application amply describes the claimed 
method for control and maintenance of an operational structure and clearly and fully 
describes the computer hardware and software to enable a person skilled in the art to make 
and use the claimed invention without undue experimentation. In other words, the 
specification and drawings set forth in a clear, concise and exact manner apparatus that can 
be used to "electronically" practice the claimed invention. For example, Applicants refer the 
Examiner to page 1, lines 19-24 and page 2, lines 2-7 of Applicants' specification for a 
description of how the claimed invention may be applied in a computer system using 
electronic data and electronic transactions. Further, Applicants refer the Examiner to, for 
example, page 2, lines 16-20, page 4, lines 12-22, page 11, lines 15-22, page 15, line 10 to 
page 16, line 2, page 18, lines 3-6, page 19, lines 8-19 and the drawings for description and 
explanation of how the claimed invention may be implemented using computer hardware and 
software. With the teachings in the application, such as the state and flow diagrams, the 
associated disclosure in the specification and the specific description of applicable computer 
technology in the specification, a person skilled in the art should be able, without undue 
experimentation, to make and use the claimed invention, in particular to "electronically" 
practice the claimed invention. 

Examiner further argues that "any subject matter illustrating how the method for 
control and maintenance may be implemented electronically are critical or essential to the 
practice of the invention, but not included in the claim(s) is not enabled by the disclosure." At 
the outset, Applicants respectfully submit that the Examiner has failed to specify the subject 
matter that is "critical or essential" or provided any specific reasoning sufficient as a proper 
basis for this rejection. See, e.g., In re Armbruster, 185 USPQ 152 (CCPA 1975), In re Lee, 
61 USPQ2d 1430 (Fed. Cir. 2002). Notwithstanding the insufficiency of the rejection, 
Applicants submit that the specific subject matter illustrated in the specification and drawings 
to implement the claimed method electronically are not critical or essential to the practice of 
the claimed invention. As would be appreciated by anyone skilled in the art, any computer 
hardware, computer software, or combination thereof may be used to practice the claimed 
method. 
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Therefore, for at least the above reasons, Applicants submit that claim 1 is patentable 
under 35 U.S.C. §112, first paragraph. Thus, the rejection of claim 1 is traversed and claim 1 
is allowable. 

Rejection under 35 U.S.C. §102(b) 

Further, the Final Office Action maintains the rejection of claims 1-10, 13-39, 41-44, 
47-57, 59 and 61-63 under 35 U.S.C. § 102(b) as being unpatentable over Lampson et al., 
"Authentication in Distributed Systems: Theory and Practice", ACM Transactions on 
Computer Systems, Vol. 10, No. 4, Nov. 1992, pgs. 265-310. Applicants respectfully traverse 
the rejection because the teachings of Lampson et al. fail to disclose, teach or suggest all the 
features in the rejected claims. 

Independent Claim 1 

As noted in Applicants' specification, cryptographic representation of an organization 
has typically been defined statically, for a given time. But, such representation has limits 
especially in organizations facing structural or dynamic changes. Thus, Applicants' invention 
of claim 1 relates to control and maintenance of an operational organizational structure to 
solve, for example, management of dynamic organizations which often can face significant 
structural changes. To facilitate this control and maintenance, Applicants' method of claim 1 
associates entities with cryptographic capabilities and organizes the entities within the 
organizational structure as roles. The claimed method further maintains (i.e., changes, 
updates, etc.) the roles within the organizational structure. 

The Examiner argues that the Lampson et al. theory of authentication and the system 
that implements it "is the 'method' in which a system in which an operational organization 
structure is controlled, where the operational structure is the structure of the authentication 
system that needs to be maintained as disclosed by Lampson et al." If the Examiner's position 
is that the operational organizational structure as claimed corresponds to the "structure of the 
authentication system" as disclosed by Lampson et al., then Applicants respectfully submit 
that Lampson et al. fail to disclose, teach or suggest any method for "control" and 
"maintenance" of that structure. Lampson et al. appears to merely disclose a static 
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authentication system and the control that is discussed by Lampson et al. is traditional access 
control provided within such an authentication system. 

If the Examiner's position is that the operational organizational structure as claimed 
corresponds to the one or more principals acting within the authentication system disclosed in 
Lampson et aL, then Applicants respectfully submit that Lampson et al. fail to disclose, teach 
or suggest any method for "control" and "maintenance" of those one or more principals. 
Lampson et al. merely disclose principals communicating with each other and a system that 
facilitates authentication of one principal to another. Lampson et al. do not disclose, teach or 
suggest controlling and maintaining those principals. Specifically, there is no disclosure, 
teaching or suggestion by Lampson et al. regarding a method to maintain principals in an 
operational organizational structure. Further, to the extent the operational organizational 
structure as claimed includes a certification authority, Applicants respectfully submit that 
Lampson et al. also fail to disclose, teach or suggest any method for "control" and 
"maintenance" of a certification authority. Specifically, there is no disclosure, teaching or 
suggestion by Lampson et al. regarding a method to control a certification authority in an 
operational organizational structure. Indeed, the failure to disclose, teach or suggest control 
over a certification authority in Lampson et al. is supported by the disclosure in Lampson et 
al. that their system can have certification authorities off-line. See page 278 of Lampson et al. 

The Examiner further argues that the "roles that Lampson et al. discusses are roles for 
principals, where principals themselves are 'entities'." Applicants respectfully submit, 
however, that this argument does not address how Lampson et al. discloses, teaches or 
suggests organizing entities within an organization structure as roles, entities which have 
associated cryptographic capabilities. While Lampson et al. discloses principals — entities in 
terms of the claimed method - having roles, Lampson et al. fail to disclose, teach or suggest 
any method for organizing principals within an organizational structure, let alone organizing 
those principals with roles. The roles of principals discussed in Lampson et al. appear to be 
predetermined and supplied to the authentication system of Lampson et al. See, e.g., p. 268 of 
Lampson et al. as cited by the Final Office Action. Thus, Lampson et al. simply do not 
describe a method to structure or organize entities, entities which have associated 
cryptographic capabilities, within an organizational structure as roles as recited in claim 1 . 
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Additionally, Examiner failed to respond to Applicants' additional argument that 
Lampson et aL fail to disclose, teach or suggest maintaining roles within the organizational 
structure. As noted above, while the authentication system of Lampson et al. may be applied 
to an organization, Applicants submit there is no disclosure, suggestion, or teaching by 
Lampson et al. how their system or its operation can or does maintain (i.e., update, change, 
etc.) roles within an organizational structure. Rather, the Lampson et al. system and its 
operation merely facilitates secure communication using principals as roles. See, e.g., p. 268 
of Lampson et al. 

Therefore, Applicants respectfully submit that Lampson et al. fail to at least disclose, 
teach or suggest a "method for control and maintenance of an operational organizational 
structure," comprising "associating entities with cryptographic capabilities", "organizing 
entities within the organizational structure as roles", and "maintaining roles within the 
organizational structure" as recited in independent claim 1 and its dependent claims 1-4, 6-10, 
and 13-15. 

Independent Claim 16 

With respect to independent claim 16 and its dependent claims 17-39, 41-44, and 47- 
51, the Examiner has not specifically responded to the arguments made in Applicants' 
Amendment filed March 29, 2004. Thus, the Examiner has failed to identify specific reasons 
why Applicants' arguments are not persuasive and why these claims are not allowable in 
view of those arguments and Lampson et al. Accordingly, Applicants submit that the 
Examiner has failed to provide the specific reasoning sufficient for a proper basis for this 
rejection. See, e.g., In re Armbruster, 185 USPQ 152 (CCPA 1975), In re Lee, 61 USPQ2d 
1430, 1433 (Fed. Cir. 2002) ("obligation of the agency to make the necessary findings and to 
provide an administrative record showing the evidence on which the findings are based, 
accompanied by the agency's reasoning in reaching its conclusions"). The Examiner's 
conclusory statement that Applicant's arguments were considered and found not persuasive is 
inadequate and the Examiner's reasoning regarding independent claim 1 and its dependent 
claims are inapposite. 

Therefore, Applicants re-submit that Lampson et al. fail to disclose, teach or suggest 
any type of "system for control and maintenance of an operational structure" as recited in 
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claim 16. Rather, Lampson et al. is directed to a security system, particularly an 
authentication system. 

Further, Applicants resubmit that Lampson et al. provides no disclosure regarding 
"maintaining capabilities of entities", such as a role in an organization {see, e.g., claim 19), 
"maintaining functions of entities", such as an operation by a functionary in an organization 
(see, e.g., claim 22), "maintaining characteristics of entities", such as an entity's size, 
threshold for a quorum, or visibility (see, e.g., page 21 of the specification) or "maintaining 
relationships of entities". As discussed above in respect of claim 1, while the authentication 
system of Lampson et al. may be applied to an organization, Applicants submit there is no 
disclosure, suggestion, or teaching by Lampson et al. how their system or its operation can or 
does maintain capabilities, functions, characteristics and relationships of entities within 
organizations as recited in claim 16. Rather, the Lampson et aL system and its operation 
merely facilitates secure communication. 

Applicants also resubmit that Lampson et al. fail to provide any disclosure, teaching 
or suggestion regarding "changing the maintained said entities said characteristics and said 
relationships" as recited in claim 16. While the Lampson et al. authentication system may be 
applied to an organization, all relevant data about such organization is merely supplied to and 
used by the authentication system of Lampson et al. There simply appears to be no disclosure, 
teaching or suggestion regarding changing maintained entities, characteristics and 
relationships within an organization. Applicants submit the discussions at pgs. 271-274 of 
Lampson et al. (as cited by the Final Office Action) regarding statements is inapposite. There, 
Lampson et al. set forth how they propose to handle statements in their system for the 
purposes of authentication. For example, they address how to handle circumstances where 
one principal makes a statement on behalf of another principal. There is no indication or 
suggestion of any sort that the statements referenced in Lampson et al. perform any type of 
changing maintained entities, characteristics and relationships within an organization. 
Lampson et al. merely discuss how to handle authentication of statements. 

Accordingly, the teachings of Lampson et al. fail to at least disclose, teach or suggest 
a "system for control and maintenance of an operational structure" comprising "maintaining 
capabilities of entities", "maintaining functions of entities", "maintaining characteristics of 
entities", "maintaining relationships of entities", and "changing the maintained said entities 
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said characteristics and said relationships" as recited in independent claim 16 and its 
dependent claims 17-39, 41-44, and 47-51. 

Independent Claim 52 

With respect to independent claim 52 and its dependent claims 53-57, 59 and 61-63, 
the Examiner has not specifically responded to the arguments made in Applicants' 
Amendment filed March 29, 2004. Respectfully, the Examiner has failed to identify specific 
reasons why Applicants' arguments are not persuasive and why these claims are not 
allowable in view of those arguments and Lampson et al. Accordingly, Applicants submit 
that the Examiner has failed to provide the specific reasoning sufficient for a proper basis for 
this rejection. See, e.g., In re Armbruster, 185 USPQ 152 (CCPA 1975), In re Lee, 61 
USPQ2d 1430, 1433 (Fed. Cir. 2002) ("obligation of the agency to make the necessary 
findings and to provide an administrative record showing the evidence on which the findings 
are based, accompanied by the agency's reasoning in reaching its conclusions"). Examiner's 
conclusory statement that Applicant's arguments were considered and found not persuasive is 
inadequate and Examiner's reasoning regarding independent claim 1 and its dependent claims 
are inapposite. 

Therefore, Applicants re-submit that Lampson et al. disclose a security system. In an 
embodiment, the system of Lampson et al. may make use of a certification authority as is 
well known. With respect to such a certification authority, Lampson et al. disclose the 
traditional methods of key and certificate management (including issuance, revocation, etc.). 
See, e.g., Lampson et al., pgs. 283-285. For secure communication, the Lampson et al. system 
simply relies on, for example, checking the integrity (e.g., expiry) of the certificates 
themselves or checking certificate revocation lists but does not address, for example, the 
basic issue of the proper association of an entity to a cryptographic capability. Thus, 
Applicants submit that Lampson et al., particularly at pg. 270, do not disclose, teach or 
suggest a maintenance system by which the database, representing entities of an organization 
and their characteristics, roles and relationships, and the cryptographic authorities are 
maintained in coordination and by authorized parties assuring the representation of the 
organization and such that the cryptographic capabilities are soundly associated as recited in 
claim 52. 
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Further, Applicants re-submit that Lampson et al. do not disclose, teach or suggest 
maintenance transactions acting within said maintenance system, maintaining a view 
representing an organization as recited in claim 52. As discussed above, Lampson et al. do 
not disclose any sort of maintenance system. Moreover, Lampson et al. do not disclose 
maintaining any sort of view representing an organization. Page 270 of Lampson et al. merely 
discloses gathering of information and using algorithms to check whether to grant access. 
Applicants submit that there is just no indication that the gathering and checking corresponds 
to maintaining a view representing an organization. 

Accordingly, the teachings of Lampson et al. fail to at least disclose, teach or suggest 
a system comprising "a maintenance system by which said database and said cryptographic 
authorities are maintained in coordination and by authorized parties assuring the 
representation of said organization and said cryptographic capabilities are soundly associated 
as defined by the coordination directives" and "maintenance transactions acting within said 
maintenance system, maintaining a view representing an organization" as recited in 
independent claim 52 and its dependent claims 53-57, 59 and 61-63. 

Therefore, for at least the above reasons, Lampson et al. fail to disclose, suggest or 
teach all the features of claims 1-10, 13-39, 41-44, 47-57, 59 and 61-63, which claims are 
thus at least patentable under 35 U.S.C. §102 and 35 U.S.C. §103. The rejection of claims 1- 
10, 13-39, 41-44, 47-57, 59 and 61-63 is traversed and claims 1-10, 13-39, 41-44, 47-57, 59 
and 61-63 are allowable. 

Rejection under 35 U.S.C. §1 03(a) 

Furthermore, the Final Office Action rejected claims 11, 12, 40, 45-46, and 58 under 
35 U.S.C. § 103(a) as being obvious over Lampson et al. and rejected claim 60 under 35 
U.S.C. § 103(a) as being obvious over Lampson et al. in view of the Unified Modeling 
Language Version 1.0 (January 13, 1997) ("UML specification"). As Applicants submit 
above that independent claims 1, 16, and 52 are novel and non-obvious in view of Lampson 
et al., Applicants accordingly submit that claims 11, 12, 40, 45-46, 58 and 60, which 
respectively are directly or indirectly dependent from independent claims 1,16 and 52, are 
therefore not obvious. Further, the UML specification, on its own or in combination with 
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Lampson et al. plainly fails to provide any disclosure, teaching or suggestion regarding 
independent claims 1,16 and 52, let alone dependent claim 60. Thus, for at least the above 
reasons, Lampson et al. fail to disclose, suggest or teach all the features of claims 11, 12, 40, 
45-46, and 58 and Lampson et al. in combination with the UML specification fail to disclose, 
suggest or teach all the features of claim 60. Thus, the rejection of claims 11, 12, 40, 45-46, 
58 and 60 is traversed and claims 11, 12, 40, 45-46, 58 and 60 are allowable. 

Response to Advisory Action 

Applicants reiterate for the purposes of the Advisory Action all the submissions made 
above in respect of the rejections of the Final Office Action and make the following 
additional submissions. 

With respect to the rejection of claim 1, Examiner argues that the certification 
authority system disclosed on pages 283-286 of Lampson et al. demonstrates interaction of a 
certification authority with its entities and thus Lampson et al. disclose and teach control and 
maintenance of an operational organizational structure as recited in claim 1 . Examiner further 
argues that the disclosure in Lampson et al. of "Principals in roles" and "Abadi as Manager" 
discloses and teaches organizing entities within the organizational structure as roles. 

At the outset, Applicants submit again that Lampson et al. fail to disclose, teach or 
suggest "maintaining roles within the organizational structure" as recited in claim 1 and as 
discussed in Applicants' Amendment filed March 29, 2004 and Applicants' Response filed 
September 17, 2004, arguments to which Examiner has failed to respond or acknowledge in 
the Final Office Action and the Advisory Action. Prior art must disclose or teach a claim as a 
whole. Applicants respectfully submit that Examiner has not considered claim 1 as a whole 
by ignoring the part of "maintaining roles within the organization structure" recited in claim 1 
and thus a prima facie case of unpatentability has not been established. 

Further, to the extent that the certification authority system in Lampson et al. may be 
the operational organizational structure as recited in claim 1, the Examiner fails to explain 
how Lampson et al. discloses electronically organizing entities within the certification 
authority system as roles and maintaining the roles within the certification authority system. 
Lampson et al. merely discloses a certification authority that issues cryptographic certificates 
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for entities. Further, Lampson et al. separately discloses that principals may have roles. 
However, Applicants respectfully submit that Lampson et al. fail to disclose or provide any 
teaching on how these disparate concepts are or may be combined to yield a method 
comprising inter alia electronically organizing entities, having associated cryptographic 
capabilities, within an organizational structure as roles and maintaining those roles within the 
organizational structure. While Lampson et al. disclose that principals may have roles, it 
doesn't follow that Lampson et al. disclose or teach a method of electronically organizing 
principals within an organizational structure as roles and maintaining those roles within the 
organizational structure. Indeed, Applicants submit Lampson et al. is very much silent on this 
and at most discloses an assignment of a role to a principal. Moreover, the disclosure of a 
certification authority system in Lampson et al. is unavailing as Lampson et al. provides no 
disclosure or teaching of how the possible organization and maintenance capabilities of the 
certification authority system are or may be applied to yield a method comprising inter alia 
electronically organizing entities within an organizational structure as roles and maintaining 
those roles within the organizational structure. In sum, Applicants respectfully submit that the 
disclosure or teaching of the separate concepts of principals having roles and a certification 
authority system by Lampson et al. fails to yield the Applicants' method as recited in claim 1 
and that therefore claim 1 and its dependent claims are allowable. 

With respect to independent claim 16 and its dependent claims 17-51, the Examiner 
has not specifically responded to the arguments made in Applicants' Amendment filed March 
29, 2004 and Response filed September 17, 2004. Therefore, Applicants resubmit that inter 
alia Lampson et al. do not disclose, teach or suggest "maintaining capabilities of entities", 
such as a role in an organization (see, e.g., claim 19), "maintaining functions of entities", 
such as an operation by a functionary in an organization (see, e.g., claim 22), "maintaining 
characteristics of entities", such as an entity's size, threshold for a quorum, or visibility (see, 
e.g., page 21 of the specification) or "maintaining relationships of entities" as recited in claim 
16. Therefore, claim 16 and its dependent claims are allowable. 

With respect to independent claim 52 and its dependent claims 53-59 and 61-63, the 
Examiner has not specifically responded to the arguments made in Applicants' Amendment 
filed March 29, 2004. and Response filed September 17, 2004. Therefore, Applicants 
resubmit that inter alia Lampson et al. do not disclose, teach or suggest a maintenance system 
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by which the database, representing entities of an organization and their characteristics, roles 
and relationships, and the cryptographic authorities are maintained in coordination and by 
authorized parties assuring the representation of the organization and such that the 
cryptographic capabilities are soundly associated as recited in claim 52. Therefore, claim 52 
and its dependent claims are allowable. 

With respect to dependent claim 60, the Examiner has not specifically responded to 
the arguments made in Applicants' Amendment filed March 29, 2004. and Response filed 
September 17, 2004. Therefore, Applicants resubmit that inter alia that Lampson et al. do not 
disclose, teach or suggest independent claim 52 from which claim 60 depends and thus 
Lampson et al. do not disclose, teach or suggest claim 60. Further, the UML specification, on 
its own or in combination with Lampson et al. plainly fails to provide any disclosure, 
teaching or suggestion regarding independent claim 52, let alone dependent claim 60. 
Therefore, claim 60 is allowable. 

For at least the above reasons, the rejection of claims 1-4 and 6-63 is traversed and 
claims 1-4 and 6-63 are allowable. 

All rejections having been addressed, it is respectfully submitted that the present 
application is in condition for allowance. If questions relating to patentability remain, the 
examiner is invited to contact the undersigned to discuss them. 
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Should any fees be due, please charge them to our deposit account no. 03-3975, under 
our order no. 061047/0265650. The Commissioner for Patents is also authorized to credit any 
over payments to the above-referenced deposit account. 



JDK/JGH 

P.O. Box 10500 
McLean, VA 22102 

Tel. No.: 703-905-2000 
Fax No. 703-905-2500 



Respectfully submitted, 




Jean-Paul Hoffman 

Reg. No. 42663 

Tel. No.: 703-905-2094 
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